Director, Technology and Digital Risk Management
Job Purpose
1. Develop and maintain risk governance frameworks, policies, and technical solutions to proactively manage digital and technology risks.
2. Ensure alignment with regulatory requirements and business objectives while embedding risk prevention into digital platforms and transformation initiatives.
3. Drive strategic direction for risk-aware policies and secure technology solutions.
Policy Development & Governance
- Develop, review, maintain and enhance governance policies, standards, regulations and guidelines related to technology risk, cybersecurity, data protection, and digital operations.
- Align internal policies with global regulatory requirements (e.g. Data Protection Law, Cashless payment services, Electronic transaction Law, Prescribing security and confidentiality in provision of online banking services...) and industry best practices.
- Lead the governance process for policy approval, dissemination, and compliance monitoring across business and IT units.
Risk Prevention Strategy & Solution Design
- Define and recommend preventive digital controls and security solutions.
- Collaborate with business partners, solution architecture, IT, and security teams, and ORME1 to embed risk mitigation into solution design, platforms, and digital transformation projects.
- Evaluate and propose tools and solutions that align with the organization’s risk appetite and threat landscape.
- Define Key Risk Indicators (KRIs) and performance measures to track policy adoption and solution effectiveness.
- Drive continuous improvement by analyzing incidents and near-misses, benchmarking against industry peers and integrating feedback loops into policy and solution lifecycles.
Risk Awareness & Capacity Building
- Lead Bank-wide initiatives to raise awareness of digital and technology risks through training, campaigns, and policy education.
- Provide expert guidance on policy implications, solution design risks, and strategic responses to regulatory or emerging risk trends.
- Build capabilities among internal teams through technical knowledge sharing and policy implementation workshops.
Success Profile - Qualification and Experiences
Experience
- At least 10 years of relevant work experience in the banking system, i.e. risk advisory, legal, audit or corporate assurance in a leading bank or financial institution
- At least 5 years of working experience in Operational risk management, Digital risk or Business/Product owner, Technology risk, IT compliance, or Cybersecurity operations
- Experience in developing policies and governance frameworks for cybersecurity or digital risk (e.g., data privacy, access control, incident response, compliance and continuous monitoring...), and in designing programs to foster a risk-aware culture among employees and leadership.
Expertise
- Extensive knowledge of operational risk management framework, risk governance & compliance, risk management capabilities, fraud risk management.
- Extensive knowledge of the banking information system landscape and banking business operations, and of emerging technologies including GenAI, Blockchain, Quantum technology.
- Good expertise in identifying, assessing, and prioritizing risks across digital systems, platforms, digital journeys and business operation.
- Capable of using analytics and risk metrics to inform policy changes and measure effectiveness.
- Able to align security policies and technical solutions with business goals and risk appetite in an innovative style.
- Good knowledge of international information security standards (ARM, PRM, CFA, ISO 31000, PCI DSS ...), and Online banking service law & regulations (Data Protection Law, Cashless payment services - Circular 15/2024/TT-NHNN, Electronic transaction Law - 20/2023/QH15, Cybersecurity Law, Prescribing security and confidentiality in provision of online banking services - circular 50/2024/TT-NHNN...)
Qualifications
- Bachelor's or Master's degree in banking and finance, economics, risk management, law, accounting and audit...
- English: TOEIC 700 or equivalent
- Professional certification in ARM, PRM, CRISC/CISA, ISO 31000
Advantage
- Deep knowledge of IT risk management framework, information security, information systems, IT Audit, IT compliance assessment...
- Working experience at leading banks or financial institutions/ecosystems